What happens to consumers’ privacy and security when the web is their operating system?
In the New York Times this week, Jonathan Zittrain, professor of Internet Law at Harvard Law School, co-director of the stopbadware.org effort, and author of The Future of the Internet— and How to Stop It, offers a forward-looking, non-technical review of the Google Chrome OS, which was officially announced last week.
Many people consider this development to be as sensible and inevitable as the move from answering machines to voicemail. With your stuff in the cloud, it’s not a catastrophe to lose your laptop, any more than losing your glasses would permanently destroy your vision. In addition, as more and more of our information is gathered from and shared with others — through Facebook, MySpace or Twitter — having it all online can make a lot of sense.
The cloud, however, comes with real dangers.
The danger Zittrain foresees is manifold. As he expressed in The Future of the Internet, Zittrain worries that we-as-users will hastily adopt portable, ‘connected’ computers, like Apple’s iPhone, potentially forgoing much of the software and services offered by today’s Internet.
To further facilitate glitch-free operation, devices are built to allow no one but the vendor to change them. Users are also now able to ask for the appliancization of their own PCs, in the process forfeiting the ability to easily install new code themselves. In a development reminiscent of the old days of AOL and CompuServe, it is increasingly possible to use a PC as a mere dumb terminal to access Web sites with interactivity but with little room for tinkering. (“Web 2.0” is a new buzzword that celebrates this migration of applications traditionally found on the PC onto the Internet. Confusingly, the term also refers to the separate phenomenon of increased user-generated content and indices on the Web—such as relying on user-provided tags to label photographs.) New information appliances that are tethered to their makers, including PCs and Web sites refashioned in this mold, are tempting solutions for frustrated consumers and businesses.
But we have to expect that the Chrome OS will a fundamentally open system, allowing user’s to install any software and get pretty much anywhere on the web. The danger then, in Zittrain’s view, with the Chrome OS, is more an issue with the current state internet: The Internet was not designed with privacy and security in mind:
Some [dangers] are in plain view. If you entrust your data to others, they can let you down or outright betray you. For example, if your favorite music is rented or authorized from an online subscription service rather than freely in your custody as a compact disc or an MP3 file on your hard drive, you can lose your music if you fall behind on your payments — or if the vendor goes bankrupt or loses interest in the service. Last week Amazon apparently conveyed a publisher’s change-of-heart to owners of its Kindle e-book reader: some purchasers of Orwell’s “1984” found it removed from their devices, with nothing to show for their purchase other than a refund. (Orwell would be amused.)
Worse, data stored online has less privacy protection both in practice and under the law. A hacker recently guessed the password to the personal e-mail account of a Twitter employee, and was thus able to extract the employee’s Google password. That in turn compromised a trove of Twitter’s corporate documents stored too conveniently in the cloud. Before, the bad guys usually needed to get their hands on people’s computers to see their secrets; in today’s cloud all you need is a password.
Thanks in part to the Patriot Act, the federal government has been able to demand some details of your online activities from service providers — and not to tell you about it. There have been thousands of such requests lodged since the law was passed, and the F.B.I.’s own audits have shown that there can be plenty of overreach — perhaps wholly inadvertent — in requests like these.
Now, Zittrain points out that consumer laws can regulate many of these sort of problems. But he’s arguing the gate-keepers of the net (i.e. Mircrosoft, Amazon, Google), will improve security and privacy for only select applications, leaving the rest of the web in the dust.